jon parise // friday, october 24, 2014

Majordomo Hacks

Majordomo is a veteran mailing list manager. It's written almost entirely in Perl, I scripting language that I general attempt to avoid wherever possible. However, Majordomo has proven quite useful and flexible. On occasion, however, I find it lacking and attempt to correct or improve its behavior. Below are my various Majordomo hacks. Perhaps you'll find them useful in your own dealings with Majordomo.

As always, feel free to correct my Perl. Trust me, you won't hurt my feelings. =)

approve

I maintain a number of mailing lists that rely on moderated postings and approved subscriptions. The Majordomo distributed includes a script named approve that vastly simplifies the moderation / approval process. For conveinece sake, I can execute it from within my mail client of choice, mutt, with the following macro binding:

macro pager     A       "|~/bin/approve\nd"     "Majordomo approval"

I did encounter one major shortcoming in the approve script, however. It reads a list of mailing lists and passwords in the following format:

list-name       password        majordomo@lists.csh.rit.edu

The problem lays in the fact that the script assumes that the same password will be used for both approvals and bounces. On our site (like most others, probably), these passwords are different. I modified the stock approve script to handle two different passwords with the following format:

list-name       approve     password1       majordomo@lists.csh.rit.edu
list-name       admin       password2       majordomo@lists.csh.rit.edu

Note the addition of the new "Type" field, which allows you to specify the type of the following password. It can be set to either approve or admin.

  • approve patch - apply to approve revision 1.15, which is distributed with Majordomo 1.94.5

Postfix

I run Majordomo with Postfix, the secure mailer written by Wietse Venema. After a little research here and there, I learned that I could set up Majordomo without using its suid wrapper. Here's how to go about it:

Set up your aliases

When delivering mail locally, Postfix assumes the rights of the user who owns the aliases file to which the message is being delivered. That means that if you create a separate aliases file for Majordomo and set the ownership of that file to the Majordomo user, the Postfix delivery process (local) will delivery your Majordomo list messages as the Majordomo user. This is what you want.

Now that you have a separate aliases file for your Majordomo lists, each entry probably looks something like this:

test:           "|/var/majordomo/wrapper resend -l test test-list"
test-list:      :include:/var/majordomo/lists/test
test-request:   "|/var/majordomo/wrapper request-answer test"
test-approval:  owner-test
test-owner:     owner-test
owner-test:     jon

The whole idea is to get rid of the suid wrapper, so change your entries to look something like this:

test:           "|/var/majordomo/resend -l test test-list"
test-list:      :include:/var/majordomo/lists/test
test-request:   "|/var/majordomo/request-answer test"
test-approval:  owner-test
test-owner:     owner-test
owner-test:     jon

Make sure you update the aliases for the majordomo account, too:

majordomo:      "|/var/majordomo/majordomo"

Now build your new Majordomo aliases file using postalias:

postalias /etc/mail/aliases.majordomo

And then set the ownership to the Majordomo user:

chown majordom /etc/mail/aliases.majordomo*
chgrp majordom /etc/mail/aliases.majordomo*

Configure Majordomo

Now you'll need to configure Majordomo to work properly in the new environment. You'll have to copy majordomo.cf to /etc, set the MAJORDOMO_CF environmental variable to point to the location of your majordomo.cf file, or modify the Majordomo Perl scripts and hardcode the location of your majordomo.cf file. I chose the last option, but the decision is up to you.

You'll also want to tighten the permissions on your Majordomo home directory. Make sure everything in that directory (including the directory itself) is owned by the Majordomo user and group. Then, change the permissions on the home directory to 0700. If you allow some users in your Majordomo group for administrative purposes, you can also change this to 0750. If you want those users to be able to edit the list configuration files, too, change the permissions on the lists subdirectory to 0770.

Configure Postfix

Now you'll need to inform Postfix of your new Majordomo aliases. This is done by modifying the value of alias_maps in main.cf:

alias_maps = dbm:/etc/mail/aliases, dbm:/etc/mail/aliases.majordomo

You'll need to restart Postfix for the new configuration changes to take effect:

postfix reload

That should be it. Your Majordomo installation should now be running without the aid of wrapper. If everything looks good, it's safe to remove the suid wrapper executable from your system:

chmod u-s /var/majordomo/wrapper